Facilitated Risk Analysis Process (FRAP)
Facilitated Risk Analysis Process (FRAP): A methodology for performing risk analysis and assessment within an organization. It is a qualitative risk management approach that involves identifying threats and vulnerabilities and then discussing potential impacts and countermeasures with the aim of prioritizing risks. FRAP is designed to be less time-consuming than quantitative risk analysis by focusing […]
ERM (Enterprise Risk Management)
ERM (Enterprise Risk Management): A comprehensive, systematic approach to managing all the risks that an organization faces. The aim is to maximize the firm’s value by managing the potential impact of uncertainty on objectives. This approach includes identifying potential risks, assessing their likelihood and impact, developing response strategies, and monitoring progress.
Ethical Disclosure
Ethical Disclosure: The practice of responsibly reporting security vulnerabilities found in software or systems to the organization responsible, allowing them time to address and fix the issues before they can be exploited by malicious actors.
EU-US Privacy Shield
EU-US Privacy Shield: A framework designed to ensure compliance with EU data protection requirements when transferring personal data from the European Union to the United States. The Privacy Shield was invalidated by the Court of Justice of the European Union (CJEU) in July 2020. […]
Evaluation Assurance Level (EAL)
Evaluation Assurance Level (EAL): A numerical grade assigned to an information system product or system for the certification of its security. Defined by the Common Criteria certification standards, the EAL represents a third-party assessment of the design, implementation, and testing of security functions, with levels ranging from EAL1 (functionally tested) to EAL7 (formally verified, designed, […]
Export Administration Regulations (EAR)
Export Administration Regulations (EAR): United States regulatory laws that govern the export and re-export of most commercial items, including “dual-use” items that can serve both commercial and military or proliferation applications. EAR is administered by the Bureau of Industry and Security under the US Department of Commerce and covers technologies such as computers, software, and […]